|
|
|
|
|
|
IT Security and Insecurity Portal |
|
Posted: Sun Feb 18, 2007 9:39 am |
|
|
raoul_duke |
Beginner |
|
|
Joined: Feb 12, 2007 |
Posts: 3 |
|
|
|
|
|
|
|
I missed this thread, i've been trying to crack this for a couple of weeks now with no joy. I'd appreciate it if someone with the means to unencrypt it could give it a try for me:
54723778e6667ca722233bc79572f808 |
|
|
|
|
Posted: Sat Mar 31, 2007 2:59 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
Hi,
Sorry to just come along and request a crack, but could someone be kind enough to crack these md5 hashes?
184d1f185c679e6068802db6404179f1
be08cffb8a9d6e0a59e0f581409d0526
d30508fe29f1e7af18653527281b5cbc
Thanks very much. |
|
|
|
|
Posted: Sun Apr 01, 2007 1:10 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
Ok, it looks like this forum isn't too active!
I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:
MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000
This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.
THANK YOU for ANY help!!! |
|
|
|
|
|
|
|
|
Posted: Mon Apr 02, 2007 11:09 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Hm, maybe are five tables just too few? But I do not know if 0.08% are right... I do not think, that you will have a lot of success with your tables generated in one week. RT's need time to generate. That's a fact. But therefor searching for hashes will go faster.
And by the way, this forum can be active. But in my humble opinion it just sucks if one-poster come here to get there damn hashes cracked. :p |
|
|
|
|
|
|
|
|
Posted: Tue Apr 03, 2007 3:25 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
I tried those three hashes against couple of Rainbow tables:
[a-z] {1,9}
[a-z0-9]{1,8}
{a-zA-Z0-9]{1,7}
and some more, and result is zero! So those are very good password's hashes or there is salting used
Tw1stedL0gic wrote: | Ok, it looks like this forum isn't too active!
I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:
MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000
This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.
THANK YOU for ANY help!!! |
|
|
|
|
|
|
|
|
|
Posted: Tue Apr 24, 2007 7:30 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
waraxe wrote: | I tried those three hashes against couple of Rainbow tables:
[a-z] {1,9}
[a-z0-9]{1,8}
{a-zA-Z0-9]{1,7}
and some more, and result is zero! So those are very good password's hashes or there is salting used
Tw1stedL0gic wrote: | Ok, it looks like this forum isn't too active!
I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:
MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000
This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.
THANK YOU for ANY help!!! |
|
Thanks for the help!
Dunno if salting was used. They were generated by an OSCommerce system.
Actually, the passwords are stored like this:
184d1f185c679e6068802db6404179f1:a4
be08cffb8a9d6e0a59e0f581409d0526:b9
d30508fe29f1e7af18653527281b5cbc:c9
Notice the colon followed by another two characters. What are these? I don't recognise this system. |
|
|
|
|
|
|
|
|
Posted: Wed Apr 25, 2007 12:11 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Tw1stedL0gic: Looks like some kind of salting. *g* |
|
|
|
|
Posted: Wed Apr 25, 2007 1:15 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
Chb wrote: | Tw1stedL0gic: Looks like some kind of salting. *g* |
I'm new to salting, so forgive me if i'm being naive, but if I get my hands on the source of the PHP login script, can the salting be reversed, or is it irreversible? |
|
|
|
|
Posted: Wed Apr 25, 2007 2:10 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack). |
|
|
|
|
Posted: Wed Apr 25, 2007 9:14 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
Chb wrote: | Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack). |
Well I have all the time in the world.
Can anyone point me in the direction of information on salting?
I can probably acces the PHP script which salted the password if that helps.
It appears that older versions of osCommerce has an admin login page (osc now relies on HTAccess protected directories) |
|
|
|
|
|
|
|
|
Posted: Wed Apr 25, 2007 10:41 pm |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
Tw1stedL0gic wrote: | Chb wrote: | Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack). |
Code: | I just copied and paste the tool i have on md5this.com
You may find it interesting
|
Well I have all the time in the world.
Can anyone point me in the direction of information on salting?
I can probably acces the PHP script which salted the password if that helps.
It appears that older versions of osCommerce has an admin login page (osc now relies on HTAccess protected directories) |
Due to increased interest for salted Md5's over the last months, the Md5This Team would like to share the small tool we created to recover salted Md5 passwords (commonly used nowadays in web applications and forums - e.g. VBulletinBoard and InvisionPowerBoard).
The tool has just been created so bare with us. Feedback appreciated. It's been written in java to maintain platform independency. We are planning to improve it and also write it in C in order to improve it's speed.
Currently it's not supporting brute force attacks only dictionary (the dictionary will have to be provided by you). We have already uploaded a couple of wordlists (a small one of 3MB and a big one of 200MB in case you need one to get started). You will need to install JRE (Java Runtime Environment - get the latest one from http://java.sun.com/javase/downloads if you don't have one installed already) on your pc in order to run it like any other application created in java.
Installation:
Download, unzip and run Md5This Tool jar file.
Usage: (simple explanation)
A. Choose your usage from the Method selection box before starting:
1. Md5 method is the traditional Md5 algorithm for passwords hashed once. Salt not needed. A valid Md5 string needs to be provided in the Md5 text box in order to get a result if this method is selected.
2. E107 method is a password hashed twice. For example a password "hello" would hash to "5d41402abc4b2a76b9719d911017c592" and then "5d41402abc4b2a76b9719d911017c592" is hashed to "69a329523ce1ec88bf63061863d9cb14" . Salt not needed. A valid Md5 string needs to be provided in the Md5 text box in order to get a result is this method is selected.
3. VBulletin method is a password "hello" hashed to "5d41402abc4b2a76b9719d911017c592", then add a salt "testsalt" to "5d41402abc4b2a76b9719d911017c592" which will form "5d41402abc4b2a76b9719d911017c592testsalt" and then this string hashed to "b9a8f3032597bc73d564a6c846787f5b". A valid Md5 string and a salt (which you have already found by some means!--Not taking questions on this, one it's your responsibility) needs to be provided in the Md5 text box in order to get a result if this method is selected.
4. InvisionPowerBoard method is a password "hello" hashed to "5d41402abc4b2a76b9719d911017c592", then a salt "testsalt" hashed to "315240c61218a4a861ec949166a85ef0" and the "315240c61218a4a861ec949166a85ef05d41402abc4b2a76b9719d911017c592" hashes hashed to Md5 hash "74223e0c12d03f63572265bca9588dd9". A valid Md5 string and a salt (which you have already found by some means!--Not taking questions on this, one it's your responsibility) needs to be provided in the Md5 text box in order to get a result if this method is selected.
B. Enter a valid Md5 hash in the md5 text box and a salt (if needed - according to the method selected--see above.)
C. Press the Get Wordlist & Start button, navigate to your wordlist and select it. You will get a message with the approximate time the application will take to scan through the entire list according to the size of the wordlist. Differend processor configurations though will result to different timings. The time is computed according to the PC on which it was tested but there shouldn't be a big difference for wordlists smaller than 200MB. The application might look like it's not responding during execution time but it's actually working very fast that's why it happens (look on your task manager and you will see it's actually running!). If your password is found the application will stop and display your password in plaintext, otherwise it will scan the entire wordlist and display a "--not found--" message in the password field.
Furthermore, an Md5 simple calculator is provided at the bottom for convenience.
Tool Download Link:
http://www.md5this.com/bYMd5ThiS.rar
A small wordlist (the one used by Cain&Abel):
http://www.md5this.com/Wordlist.zip
a bigger wordlist will be uploaded soon. [/code] |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
Posted: Wed Apr 25, 2007 10:47 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
Sounds good, it appears that salting is the new thing.
But can it help me???!!!
I will pay whoever solves my password problem!
please PM me if you want to work on it. I'll sort you $50 if you nail it. |
|
|
|
|
Posted: Thu Apr 26, 2007 11:53 pm |
|
|
Tw1stedL0gic |
Regular user |
|
|
Joined: Mar 31, 2007 |
Posts: 11 |
|
|
|
|
|
|
|
I've got my hands on the salting function:
Code: |
function tep_encrypt_password($plain) {
$password = '';
for ($i=0; $i<10; $i++) {
$password .= tep_rand();
}
$salt = substr(md5($password), 0, 2);
$password = md5($salt . $plain) . ':' . $salt;
return $password;
} |
Can anyone help me crack this? |
|
|
|
|
Posted: Sat Aug 04, 2007 11:59 am |
|
|
LuCiFeR |
Beginner |
|
|
Joined: Aug 04, 2007 |
Posts: 2 |
|
|
|
|
|
|
|
Ok i have this one: bf7572452df0ddbc81d71df0556a95d4...
Can you give me some program vich can do it fast?
Thx |
|
|
|
|
Posted: Sun Aug 05, 2007 7:29 am |
|
|
1337 |
Regular user |
|
|
Joined: Jul 11, 2007 |
Posts: 6 |
|
|
|
|
|
|
|
c0d8c08896bc748af58af0573583a952 |
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 14 of 14
Goto page Previous1, 2, 3 ... 12, 13, 14
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|